Version: 2022-09-25Link to Whistleblower Report
This Whistle-blower Policy applies to all companies in the IST Group listed below (collectively referred to as “IST”, “we”, “us”):
IST has the ambition to have the highest possible standards of transparency and honesty. The purpose of this whistleblowing policy is to make it easier for our employees and parties dealing with the company to report suspected irregularities in the company’s work. We want to inform you as a whistleblower about how we support you so that you can safely create and submit a whistleblower report (“Whistleblower Report”) and know who to contact.
The policy further describes how we ensure that we support you in a responsible manner and in accordance with the law, including the EU Directive (2019/1937) on the protection of persons reporting breaches of EU law (“EU Whistleblower Directive”). Finally, the policy also describes what rights you have and how you can exercise them. If you have any questions about this whistleblowing policy and/or how to file a whistleblowing report, please contact us using the contact details below.
1.1 As a whistleblower, you can be an employee or a person who has self-employment status, a shareholder or a person belonging to the company’s administrative, management or supervisory body, as well as a volunteer. You as a whistleblower can also be any person who works under the supervision and guidance of contractors, subcontractors, and suppliers to us.
1.2 Please note that you can still be a whistleblower even if our work-based relationship has ended or if it has not yet begun.
2.1 The Company is liable if you make a whistleblower report under this Policy. As a result, we have a responsibility to protect you, which includes not disclosing your identity to anyone other than the authorized persons who receive your whistleblower report (unless you expressly agree or that we are required to disclose your identity by law) and ensuring that your report does not result in consequences.
2.2 However, please note that you also have a responsibility in this whistleblowing policy. We expect you to only report information and personal data that is relevant to the handling of your whistleblowing report. We also ask you not to report personal work-related complaints, such as conflicts between you and other employees or a decision related to your employment or engagement. Personal work-related complaints should be raised with HR staff and/or your manager or relevant responsible person.
3.1 You are welcome to submit a whistleblower report if you received the information while in a work-based relationship with us. You should have reasonable grounds to believe that there are false or factual violations of applicable rules or regulations in relation to us.
3.2 In particular, the Whistleblower Act states the importance of reporting in the following areas:
We strongly encourage you to file a whistleblower report in these areas.
3.3 Please note: It is important that, taking into account the circumstances and the information available to you at the time of filing a whistle-blower report, you believe that the contents of the report are true.
4.1 We enable you to submit a whistleblower report in writing or orally. Oral reporting is possible by telephone and at your request, through a physical meeting with a designated impartial person. For oral reporting use phone: +46 (0) 470-70 71 00 (IST’s reception).
4.2 Written reporting is possible via our external whistleblowing system available 24 hours a day. Submit a whistleblower report in Interactive Security System here: https://ist.whistlelink.com/
4.3 You will receive a confirmation that your whistleblower report has been received within 7 days of submission, unless we consider that an acknowledgement would, for example, compromise the protection of your identity. We have appointed 3 persons who are authorized to follow-up of the whistleblower report. One of these persons will maintain communication with you and, if necessary, ask for additional information from you. No later than three months from the confirmation report is received, you will receive feedback via the system
4.4 When submitting a whistleblower report, we would also like to inform you that you can choose to report anonymously. This does not affect your rights and protection under the “EU Whistleblower Directive”.
4.5 Finally, we would also like to clarify that if internal reporting is not appropriate, it is possible to submit a whistleblowing report externally to competent authorities and, where relevant, to EU institutions, bodies, offices or agencies. See below in section 7 where you can turn if you want to report to an external authority.
5.1 Our goal is to always protect the personal data we process to the best of our ability. This means that we are always committed to protecting your privacy and to complying with applicable personal data legislation, including but not limited to the General Data Protection Regulation (GDPR).
6.1 We have taken it upon ourselves to implement and maintain the necessary and reasonable steps to prohibit any form of retaliation against you for filing a whistleblower report, including threats and attempted retaliation.
6.2 As a further example, prohibiting retaliation due to the submission of a whistleblower’s report, such as a ban on:
7.1 In addition to the information in this Whistleblower Policy, competent authorities provide comprehensive and independent information and advice on the procedures and measures available, as well as on protection against retaliation and your rights. You can also make a notification to the competent authority responsible for the area to which your notification relates. In connection with the entry into force of the new Whistleblower Act, the following authorities have established external whistleblowing channels where you can turn with your suspicions.
7.2 In Sweden these authorities are: The Swedish Work Environment Authority, the National Board of Housing, Building and Planning, the Swedish Electrical Safety Authority, the Swedish Economic Crime Authority, the Swedish Real Estate Agency, the Swedish Financial Supervisory Authority, the Public Health Agency, the Swedish Agency for Marine and Water Management, the Swedish Authority for Privacy Protection, the Inspectorate for Strategic Products, the Inspectorate for Health and Social Care, the Swedish Chemicals Inspectorate, the Swedish Consumer Agency, the Swedish Competition Authority, the National Food Agency, the Medical Products Agency, the County Administrative Boards, the Swedish Civil Contingencies Agency, the Swedish Environmental Protection Agency, the Swedish Post and Social Care Agency, the Swedish Post and Social Care Authority. the Swedish Telecom Agency, the Government Offices, the Swedish Auditor’s Inspectorate, the Swedish Tax Agency, the Swedish Forest Agency, the Swedish Gambling Authority, the Swedish Energy Agency, the Swedish National Board of Agriculture, the Board for Accreditation and Technical Control, the Swedish Radiation Safety Authority and the Swedish Transport Agency.
7.3 In Denmark the authority is: The Danish Data Protection Agency “Datatilsynet”, who maintains the external whistleblower service here: https://whistleblower.dk/
7.4 In Norway: Not applicable
7.5 In Germany: Not implemented in National legislation (September 2022)